inetinfo.exe

The executable inetinfo.exe has been detected as malware by 36 anti-virus scanners. While running, it connects to the Internet address media-router-fp1.prod.media.vip.bf1.yahoo.com on port 443.
MD5:
8a42f79818cf268fec806c0f8ca3c7fb

SHA-1:
27a8ca102f9e0469e454f7ba6cf5c2a9e62cd2a0

SHA-256:
fe6899cfe6f3d6203490eb1d14d99e5b246fbd423d58dc2f93d739becf08d15e

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
12/26/2024 12:23:27 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | I-Worm.Brontok.DN | 7.1.1
AhnLab V3 Security | Win32/Brontok.worm.42579 | 2013.01.29
Avira AntiVirus | Worm/Brontok.QA | 7.11.59.14
avast! | Win32:Brontok-BG [Wrm] | 2014.9-160725
AVG | I-Worm/Brontok.X | 2017.0.2672
Bitdefender | Win32.Worm.Brontok.AL | 1.0.20.1035
Clam AntiVirus | Worm.Brontok.E | 0.98/18155
Comodo Security | Worm.Win32.Brontok.CV | 15089
Dr.Web | Win32.HLLM.Generic.440 | 9.0.1.0207
Emsisoft Anti-Malware | Win32.Worm.Brontok.AL | 8.16.07.25.05
ESET NOD32 | Win32/Brontok.CV | 10.7943
Fortinet FortiGate | W32/Brontok.C@mm | 7/25/2016
F-Prot | W32/Worm.HUG | v6.4.6.5.141
F-Secure | Win32.Worm.Brontok.AL | 11.2016-25-07_2
G Data | Win32.Worm.Brontok.AL | 16.7.22
IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.3.5.0
K7 AntiVirus | EmailWorm | 13.160.8161
Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.-146
Malwarebytes | Trojan.Dropper | v2016.07.25.05
McAfee | W32/Rontokbro.gen@MM | 5600.6328
Microsoft Security Essentials | Worm:Win32/Brontok.AS@mm | 1.163.1557.0
MicroWorld eScan | Win32.Worm.Brontok.AL | 17.0.0.621
NANO AntiVirus | Trojan.Win32.Brontok.bmcat | 0.22.8.49711
Norman | Rontokbro | 11.20160725
nProtect | Win32.Worm.Brontok.AL | 13.01.29.01
Panda Antivirus | W32/Brontok.GS.worm | 16.07.25.05
Quick Heal | W32.Brontok.Q | 7.16.12.00
Rising Antivirus | Trojan.Win32.Mnless.dyr | 23.00.65.16723
Sophos | W32/Brontok-V | 4.85
SUPERAntiSpyware | Trojan.Agent/Gen-Krotche | 9001
Total Defense | Win32/Robknot.EL | 37.0.10270
Trend Micro House Call | WORM_RONTKBR.GEN | 7.2.207
Trend Micro | WORM_RONTKBR.GEN | 10.465.25
Vba32 AntiVirus | Email-Worm.Win32.Brontok.q | 3.12.18.5
VIPRE Antivirus | Email-Worm.Win32.Brontok.ik | 15274
ViRobot | I-Worm.Win32.Brontok.42579 | 2011.4.7.4223

File size:
153.6 KB (157,267 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\inetinfo.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:FOT/0+bspijWBN+drsP1sqqzNFKI2FT8SPI5siIPFv2jPVdov35BMC:60+2iji2stsq23KFzP8oPFOjtdm5

Entry address:
0x2F43A

Entry point:
E9, 15, 0D, FD, FF, 0C, 50, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 11, F4, 02, 00, 0C, 50, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Packer / compiler:
MEW, 0x11 SE v1.2

Code size:
512 Bytes (512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to media-router-fp1.prod.media.vip.bf1.yahoo.com  (98.139.180.180:443)

TCP (HTTP SSL):
Connects to ir2.fp.vip.bf1.yahoo.com  (98.139.183.24:443)

TCP (HTTP SSL):
Connects to ats.sbs.vip.dc11.lumsb.com  (8.12.146.61:443)

TCP (HTTP SSL):
Connects to media-router-fp1.prod.media.vip.ne1.yahoo.com  (98.138.252.38:443)

TCP (HTTP SSL):
Connects to ir1.fp.vip.bf1.yahoo.com  (98.139.180.149:443)

Remove inetinfo.exe - Powered by Reason Core Security